Some important things to know about HIPAA and HIPAA compliance requirements


HIPAA – The Health Insurance Portability and Accountability Act of 1996 – It is a federal law that sets the standard to protect the sensitive health-related and personal information being disclosed without the person’s concern. The US health department issued the HIPAA privacy rule to implement the requirement of HIPAA.

In simple terms, one should have protected health information. Any information that helps to identify a person and his/her health-related data should be protected and should not be disclosed publicly. Meeting this requirement is known as HIPAA Compliance help.

Who should abide by HIPAA compliance?

  • Employers
  • Healthcare providers
  • Health insurance companies
  • Others involved in handling health information of people

They are all referred to as covered entities.

  1. The employers who offer health coverage to their employees and their dependents must make sure that they keep all the information like, SSN of the employee and their dependents, their medical history, the health plans that they have opted for are maintained safely.
  2. The electronic transactions of this information to and fro between the employer and the health insurance companies are increasing, they must have a proper security system to maintain these information transfers digitally.
  3. Similarly, the treating healthcare providers should also ensure that they have a proper security system in place while handling the patient’s health records digitally.
  4. The other third-party associates, who work as a bridge between employers – insurance companies – healthcare providers. They also have access to the patient’s information while handling the payments and operations should also meet the required compliance.

HIPAA privacy and security rule

  • The privacy rule sets the standards for privacy of individually identifiable information protecting certain health information.
  • The security rule sets the standards for protecting specific health information during digital transformation.

Why do we need HIPAA compliance?

  • Because all the transaction takes place electronically, the health and personal information are at security risks. Therefore the healthcare department points out that all the covered entities must adhere to HIPAA compliance.
  • While the digitalization of the entire process has improved efficiency, the health data are more to prone data theft. That is the reason the health authorities have stringent compliance policies.
  • Having said that, there is no restriction for these covered entities to improvise and implement technology on their side that requires a need.

How HIPAA compliance can be met?

Some of the basic steps that the covered entities must approach to meet the requirements are,

  • Do audits. Audits like in any process show you the results that if the process is followed as per the guidelines or not. Therefore all the entities involved should do regular audits to make sure that none of the security steps are missed.
  • Adequate and frequent training to all the persons involved in handling the health information. This helps them to understand, when and where things can go wrong?
  • Document all the steps and procedures and circulate so that every person involved in the process is aware of the entire process.
  • Have a remedial plan. If something goes wrong in the process, the entities involved should look for a quick remedial plan.

By approaching all these steps one can ensure that the HIPAA compliance help is met.


Hope the above information helps in understanding what HIPAA is, who should abide by its regulations, and how the HIPAA compliance requirements can be met.